Book Review – Cybersecurity Ethics An Introduction, by Mary Manjikian

Reading Time: 3 minutes

The Defence Strategic Review urges a rapidly evolved integrated Force that harnesses affects across domains including Cyber (p.54). It recommends “cyber and information capabilities must be scaled up and optimised” which must include focusing on “building and sustaining a trained Defence cyber workforce.” (p.64) Challenges of training, however, include recruiting and retaining the right staff, equipping them to keep pace with the exponential changes in technological capability, and helping them develop appropriate ethical frameworks for their work.

This author Mary Manjikian was a US Foreign Service Officer and now Professor at Regent University in Virginia Beach and the US Naval War College. Most of her readers may be civilian students and teachers of cybersecurity, hacking, information science, surveillance and ethics. But the book is also highly relevant those in the military working in or interfacing with Cyber as a domain. 

Part I introduces the field of ethics, three ethical frameworks (virtue ethics, utilitarianism and deontological ethics), and the idea of an ethical hacker. A key issue is the need for ethical norms in a domain that is still evolving, “building the raft while swimming” as Luciano Floridi suggests (p.12). Cyber operators need to know and follow relevant laws but often legal frameworks are still catching up. As professionals following a Code of Conduct, they need to know how to work independently and still maintain a moral and ethical posture. For example, whereas black hat hackers use ransomware, white hat ethical hackers use penetration testing to help organisations be more secure. Sometimes hackers operate spontaneously for causes, such as the Anonymous vigilante group which took down Russian websites and media during the invasion of Ukraine. 

Part II investigates problems of privacy, surveillance and intellectual property using different ethical frameworks. Utilitarian ethics, for example, argues that domestic security or public health concerns outweigh an absolute right to privacy. Thus British Intelligence set up fake internet faces during the 2009 G20 meetings in London, maintaining it was for the greater good. Technology may one day allow others to read or even influence a brain’s contents without consent – helpful for law enforcement or even military psychological operations from a utilitarian perspective, but questionable from a virtue or deontological lens. 

Surveillance ethics is relevant for traffic cameras, digital epidemiology, contact tracing, facial recognition and obvious military applications. David Omand from British Signals Intelligence proposed six Just War-based principles for ethical communication intercepts: is there a genuine cause, an honest motive, proportionate limited means, rightful authority, reasonable chance of success and last resort? This is helpful in itself for military members but also a valuable model demonstrating how a traditional ethics framework can be used with a freshly contextualised application.    

Intellectual property is a helpful case study of the “uniqueness debate” whether ethical norms should be the same or different in Cyber. Using the deontological principle “reversibility” – whether you would feel okay about something done to you that you are doing to others – some involved in piracy might resent others using their IP. Yet others who are committed to open access might prioritise community ownership and welcome a sharing culture. Almost everyone has been uniquely open about sharing COVID-19 information.    

Part III discusses Cybersecurity issues related to Artificial Intelligence including meaningful human control (MHC); Equity and Inclusion including how algorithmic bias can reinforce stereotypes and discrimination; Big Data including fitness, health, educational and consumer information; and the Military. Recent events with elections in the US and tracking Russia’s invasion of Ukraine demomnstrate the blurred lines between peace and war, civilian and military fighters, conventional and cyber war. The delineation of war and its ethical limits seems less relevant in “hybrid wars” or “grey-zone conflict”. Automated programs and artificial intelligence only further complicate the ethical dilemmas, including considering to what extent machines will be able to be taught to think and act ethically. Moreover, cyber psychological operations threaten to foster disinformation and misinformation across whole populations to destroy credibility and trust – eroding the Just War principle that civilians should not be targeted in wartime let alone peacetime.  

The capabilities tomorrow’s Cyber operators will yield, and the ethical dilemmas they may face, are greater than what previous generations of sailors, soldiers, aviators and public servants have imagined. Cybersecurity Ethics is a comprehensive and timely textbook that offers to help educate members to understand the ethics of current and imagined future technologies and their applications.   

Notes

Publisher details: Mary Manjikian, Cybersecurity Ethics: An Introduction (London: Routledge, 2023)

Further resources including teaching outlines and powerpoints for each chapter are available at https://www.marymanjikian.com/cybersecurityethics

The views expressed in this article are those of the author and do not necessarily reflect the position of the Australian Army, the Department of Defence or the Australian Government.

About the Reviewer

Darren Cronshaw is a Chaplain who has served at Army School of Transport, Puckapunyal, 1st Recruit Training Battalion, Kapooka and Defence Force School of Signals. He is also Professor of Practical and Intercultural Theology with the Australian College of Ministries (Sydney College of Divinity). His hobby is pushing the boundaries of resilience in Ironman triathlons.